Ethernet Products
Determine ramifications of Intel® Ethernet products and technologies
5309 Discussions

docker SR-IOV with IXGBE - Vlan packets getting spoofed

htadi
Beginner
2,126 Views

environment:

Redhat 7.4

ixgbe, ixgbevf (82599es ethernet controller)

docker 1.13

requirement:

The docker container had to have a trunk port which is mapped to a VF.

docker guest running in privileged mode.

Problem:

when the container emits the q-in-q packets, the kernel drops as the packets are spoofed.

in the recv direction how can i classify based on the vlan (with no vlan interface in the container)?

Thanks for the help

0 Kudos
7 Replies
idata
Employee
1,104 Views

Hi Hari_tadiparthi,

 

 

Thank you for posting in Wired Communities. For 82599es ethernet controller, Q-in-Q VLAN is not supported. Hope this clarifies.

 

 

Thanks,

 

Sharon T
0 Kudos
htadi
Beginner
1,104 Views

thanks for your answer.

Atleast the below is possible ?

if i set the vf to classify based on vlan, vf strips the tag and forwards to the container.

is it possible to configure the vf to pass the tag as it is rather than strip the tag ??

0 Kudos
idata
Employee
1,104 Views

Hi Hari_tadiparthi,

 

 

You are welcome. Just to clarify what is the entire setup? Are you trying to configure the VF on the 82599ES in a VM then forward the packets to another PC (with the same VLAN) in the same container?

 

 

Please provide more information for better investigation.

 

 

Regards,

 

Sharon T

 

 

0 Kudos
htadi
Beginner
1,104 Views

the container/vm need to interact with the device on the network which is sending vlan tagged the packets.

the conainer/vm need to classify the traffic based on the vlan tags.

i need the vf to handle the packets to vm without removing the tags.

0 Kudos
idata
Employee
1,104 Views

Hi Hari_tadiparthi,

 

 

Thank you for the information provided. Just to double check to clarify my understanding about your setup:

 

 

1) Is the device you mentioned refer to another virtual machines? Which means you are trying to send vlan tagged packets from one VMs to another VM within the same container through a trunk port?

 

2) You mentioned about trunk port mapped to VF. Where is this trunk port located or configured?

 

 

Thanks,

 

Sharon T
0 Kudos
idata
Employee
1,104 Views

Hi Hari_tadiparthi,

 

 

Just to double check if your question here is similar to the question you posted in https://communities.intel.com/thread/123410 https://communities.intel.com/thread/123410.

 

 

Thanks,

 

Sharon T
0 Kudos
idata
Employee
1,104 Views

Hi Hari_tadiparthi,

 

 

Please feel free to confirm and if further assistance needed.

 

 

Thanks,

 

Sharon T
0 Kudos
Reply